Note: this is an open letter to PayPal regarding their PayPal Website Payments Pro Hosted service, which you can find out about on x.com.

Dear PayPal
I think we are pretty close: I develop on your services, you charge me lots of money in fees, I go to your conferences and generally moan to your dev team. Normally I keep my scorn of idiotic mistakes to just your ears, but PayPal Pro Hosted really is a nasty mess.
So what, most of PayPal is a hideous mess! But the Adaptive APIs are so nice, and a standard you should be looking to (though the docs still need updating and the SetPay API is just nuts). Hosted Pro, on the other hand, is like someone took a bunch of kindergarten kids and asked them what they want in a system; the result: shiny encrypt-able buttons.
The thing is it was so easy for it not to be…
1. User comes to site and starts payment flow
2. Server sends some details to PayPal, PayPal returns a token, which you append to a URL and open in an Iframe.
3. A box with credit card details appears; you fill in the card details and hit go. On success you return the frame to a dedicated page, and on failure to another; if you want, you can even frame bust on the way out.
4. The server can then double check via getTransactionDetails with the token you gave.
Sound familiar? It’s the same way your other APIs work, and guess what, it works quite well!
It’s neither hard nor complicated, it doesn’t involve pretty buttons, and if someone wants to send extra parameters across they can do so in a controlled sane manner.
This seems like such a sensible approach that it’s hard to believe it wasn’t thought about, and unless I have missed some major flaw, the current implementation still generates and populates an Iframe; it just does it in a really ugly manner, especially when you switch JavaScript off. The worries about security with Iframes are still there, but generally with a far worse user experience, as in most cases Hosted Pro requires at least 1 more superfluous button and a lot of styling to make the Iframe work in the page.
Right now PayPal Pro Hosted is not a solution, it’s a toy. I can sort of understand why it’s perhaps a little unloved, but when I saw it originally I really wanted it to be so much more: I wanted a feature-rich chromeless PayPal screen with which I could take credit and debit card transactions, and I wanted recurring billing and the option to authorise cards. Just think: if you actually put the time and effort you did into Adaptive into PayPal Hosted, it could be an awesome service, and let’s face it, with PRO you are not only getting the transaction fees but also charging a monthly fee, so it’s in your interest to make me want to use it (ok, not me, but my clients certainly).
Sadly I’m having to look for an alternative for our in-house apps, as I do not want to go through running a full PayPal Website Pro integration, especially when, sadly, there are cheaper merchant gateways out there that won’t suddenly freeze access to all your account and money. I’m still a fan, I’m not even that upset, I’m just disappointed…
Hugs and Kisses
Tim
If anyone has a suggestion for a UK-based solution that uses Iframes to process the actual payment, rather than web forwarding or doing Direct Card Payments, please do let me know.
Hopefully the above letter can be used inside PayPal to chivy some sort of sanity amongst them, but meh, I’m just a pesky developer.
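The four-step flow proposed in the letter, as an added sketch that is not the author's or PayPal's code. `MockGateway` is a constructed in-memory stand-in for the provider, the iframe URL is a placeholder, and only the name getTransactionDetails comes from the letter. It shows why step 4 matters: the server confirms the payment itself instead of trusting the browser arriving on the success page.

```python
import secrets
from urllib.parse import urlencode

class MockGateway:
    """Constructed stand-in for the payment provider; not a real PayPal API."""
    def __init__(self):
        self._tx = {}
    def create_token(self, order_id, amount_minor, currency):
        token = secrets.token_urlsafe(24)  # unguessable, one per payment
        self._tx[token] = {"order_id": order_id, "amount_minor": amount_minor,
                           "currency": currency, "status": "PENDING"}
        return token
    def customer_pays(self, token):
        # Simulates the card form inside the hosted iframe succeeding.
        self._tx[token]["status"] = "COMPLETED"
    def get_transaction_details(self, token):
        return dict(self._tx[token]) if token in self._tx else None

class Merchant:
    IFRAME_BASE = "https://gateway.example/hosted/pay"  # placeholder URL
    def __init__(self, gateway):
        self.gateway = gateway
        self.pending = {}  # token -> (order_id, amount_minor, currency) we expect
        self.paid = set()
    def start_payment(self, order_id, amount_minor, currency):
        # Steps 1-2: the server obtains a token and builds the iframe URL.
        token = self.gateway.create_token(order_id, amount_minor, currency)
        self.pending[token] = (order_id, amount_minor, currency)
        return token, f"{self.IFRAME_BASE}?{urlencode({'token': token})}"
    def handle_return(self, token):
        # Step 4: the success page is attacker-reachable, so verify server-side.
        expected = self.pending.get(token)
        if expected is None:
            return "rejected: unknown or already used token"
        details = self.gateway.get_transaction_details(token)
        if details is None or details["status"] != "COMPLETED":
            return "rejected: gateway does not report a completed payment"
        got = (details["order_id"], details["amount_minor"], details["currency"])
        if got != expected:
            return "rejected: details do not match the order"
        del self.pending[token]  # single use: a replayed return is refused
        self.paid.add(expected[0])
        return "ok"
```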
2 comments
We’re in the UK, just setting up a new ecommerce site.
I was re-reading your Big Mac article and decided to look around for more of your articles and – hey! this sounds familiar – questions about Paypal…
So now, more than a year down the road – do you have a solution?
Sorry for the exceedingly long delay in responding; I suspect nearly a year is a record. The answer is yes and no. Since this post PayPal has had a philosophy shift and has joined, albeit grumpily, the rest of the payment industry with dedicated REST API calls for card payments. Currently US only, but it’s coming; in the meantime, if you are in the UK, check out Braintree and Stripe, who are both fantastic PayPal alternatives.